Identity
Web Modeler Self-Managed is available to enterprise customers only.
Configuring secure connections to Identity
By default, communication between Web Modeler and Identity is not encrypted, as it usually happens backend-to-backend within the same Docker network or Kubernetes cluster. However, you can enable TLS-encrypted communication by following the steps below (for example, if backend-to-backend communication is not possible in a custom Camunda 8 installation setup).
Configure the Identity base URL
Provide a URL that starts with https:// (e.g. https://identity.example.com) as the base URL of the Identity instance:
- For the modeler-webapp container, provide the URL via the environment variable IDENTITY_BASE_URL.
- For the modeler-restapi container, provide the URL via the environment variable RESTAPI_IDENTITY_BASE_URL.
(Optional) Provide a custom certificate
If you are using a custom (self-signed) TLS certificate for Identity, you need to make Web Modeler accept the certificate:
- For the modeler-webapp container, provide the path to the certificate file via the environment variable NODE_EXTRA_CA_CERTS (make sure that the provided path is accessible from the container, e.g. via a mounted volume): NODE_EXTRA_CA_CERTS=/path/to/certificate.crt
- For the modeler-restapi container:
  - Add the certificate to a custom Java trust store (using the keytool utility).
  - Configure the trust store as described in the Zeebe connection troubleshooting guide.
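A preflight check for the settings above, as an added example that is not part of the Camunda documentation: Node.js only emits a warning when the file named by NODE_EXTRA_CA_CERTS is missing or malformed, so a wrong mount path otherwise surfaces later as a failed TLS handshake. The function names are hypothetical, and the script assumes that both containers' variables are set in the shell where it runs and that the certificate is PEM-encoded.

```shell
#!/bin/sh
# Added example: preflight check for the Web Modeler -> Identity TLS settings.
# Variable names come from this page; the function names are hypothetical.

# is_https_url URL: succeeds only if URL starts with https:// and has
# at least one character after the scheme.
is_https_url() {
  case "$1" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# is_pem_cert FILE: succeeds if FILE is readable and contains a PEM
# certificate header (the format NODE_EXTRA_CA_CERTS expects).
is_pem_cert() {
  [ -r "$1" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# check_identity_tls: prints one line per problem and returns the
# number of problems found (0 means the settings look consistent).
check_identity_tls() {
  problems=0
  for var in IDENTITY_BASE_URL RESTAPI_IDENTITY_BASE_URL; do
    eval "value=\${$var:-}"
    if ! is_https_url "$value"; then
      echo "FAIL $var must start with https:// (got '${value:-<unset>}')"
      problems=$((problems + 1))
    fi
  done
  # NODE_EXTRA_CA_CERTS is optional: it is only needed for a custom certificate.
  if [ -n "${NODE_EXTRA_CA_CERTS:-}" ] && ! is_pem_cert "$NODE_EXTRA_CA_CERTS"; then
    echo "FAIL NODE_EXTRA_CA_CERTS is not a readable PEM certificate: $NODE_EXTRA_CA_CERTS"
    problems=$((problems + 1))
  fi
  return "$problems"
}
```

Call check_identity_tls from a deployment script before starting the containers; its exit status is the number of problems found.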
Using a different OpenID Connect (OIDC) authentication provider than Keycloak
By default, Web Modeler uses Keycloak for providing authentication. You can use a different OIDC provider by following the steps described in the OIDC connection guide.